On Sat, 2004-03-27 at 18:17, Gavin wrote:
> I currently don't have the config file split up, but it is in a
> non-context directory. Explain to me how a non-root user is going to
> able to read from a users file?
Not sure what you're asking -- are you asking why I said putting the config
file in a context directory might be a security concern? Putting it in a
context means that it could be possible for someone to request the file
using their browser (if they know or can guess the name), and the app server
would send it to them. It's the same reason you wouldn't want to put any
sensitive files in a public web-accessible directory.